A penetration test gives you insight into the security gaps it identifies,
helps maximize protection of valuable business assets against cyberattacks, reduces downtime costs,
and earns more trust from customers through a reliable security level.
OWASP Testing Guide: Web Application Security
This guide is divided into a passive and an active mode. The passive mode tries to determine
all entry points of the application (HTTP headers, parameters and cookies)
in a non-intrusive manner, and includes 10 controls defined in information gathering,
while the active mode is split into 10 sub-categories for a total of 90 controls.
Finding the entry points
Reconnaissance
Analysis of Error Codes
HTTP methods & SSL Configuration analysis
Infrastructure & Server level vulnerabilities identification
Enumeration techniques & Brute Forcing
Access restrictions testing
Session fixation & session management vulnerabilities
Path traversal & user management testing
Access & document control testing
Attacking the application
Exploitation & compromise possibility testing
Web Firewall Testing
Web Server Testing
Performing OWASP testing
Analyzing OWASP testing
Classification of Vulnerabilities based on risk & priority
Since most protocols are well-defined and have standard modes of interaction, network-layer testing is more suitable for automated testing. This makes automation the first logical step in a network-layer test. Because of such standardization, tools may be used to quickly identify a service, a software’s version, test for common misconfigurations, and even identify vulnerabilities. Automated tests can be performed much faster than could be expected of a human.
However, simply running automated tools does not satisfy a pentest's needs. They cannot interpret vulnerabilities, misconfigurations, or even the services exposed to assess the true risk to the environment. They only serve as a baseline indication of the potential attack surface of the environment. Therefore, using the documentation provided by the organization during the pre-engagement, we should verify that only authorized services are exposed at the designated perimeter, and attempt to bypass authentication controls from all network segments where authorized users access the segmented network, as well as segments not authorized to access the internal environment.
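
The perimeter check described above, as an added example that is not part of the original page: it parses automated scan results and compares the exposed services with what the pre-engagement documentation authorizes. The Nmap grepable input layout, the sample hosts and the `AUTHORIZED` mapping are assumptions constructed for illustration.

```python
import re

# Constructed sample in Nmap grepable (-oG) layout; documentation-range addresses.
SCAN = """\
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https//nginx/, 3306/open/tcp//mysql//MySQL 8.0/\tIgnored State: closed (997)
Host: 192.0.2.20 (mail01)\tPorts: 25/open/tcp//smtp//Postfix smtpd/, 8080/filtered/tcp//http-proxy///
Host: 192.0.2.30 ()\tPorts: 23/open/tcp//telnet///
"""

# Constructed allowlist standing in for the pre-engagement documentation:
# host -> (port, protocol) pairs authorized at the perimeter.
AUTHORIZED = {
    "192.0.2.10": {(443, "tcp")},
    "192.0.2.20": {(25, "tcp"), (587, "tcp")},
}

HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\tPorts: ([^\t]*)")

def parse_open_ports(scan_text):
    """Return {host: {(port, proto): service}} for ports in state 'open'."""
    found = {}
    for line in scan_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        for entry in m.group(2).split(", "):
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                key = (int(fields[0]), fields[2])
                found.setdefault(m.group(1), {})[key] = fields[4]
    return found

def audit(scan_text, authorized):
    """Compare observed exposure with the documented, authorized exposure."""
    observed = parse_open_ports(scan_text)
    findings = []
    for host, ports in sorted(observed.items()):
        allowed = authorized.get(host)
        for (port, proto), service in sorted(ports.items()):
            if allowed is None:
                findings.append((host, port, proto, service, "undocumented host"))
            elif (port, proto) not in allowed:
                findings.append((host, port, proto, service, "unauthorized service"))
    # Documented services that did not answer still need a manual check.
    missing = [(h, p, pr) for h, allowed in sorted(authorized.items())
               for p, pr in sorted(allowed) if (p, pr) not in observed.get(h, {})]
    return findings, missing

if __name__ == "__main__":
    print(*audit(SCAN, AUTHORIZED), sep="\n")
```

The findings list is only the baseline the paragraph describes; each entry still has to be interpreted by hand against the environment before it is rated as a risk.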